Bug 149270 - logrotate is messing up with noexec mounted /tmp
Summary: logrotate is messing up with noexec mounted /tmp
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: logrotate
Version: 3
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Peter Vrabec
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-02-21 20:06 UTC by Michal Jaegermann
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-02-22 13:20:35 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
Check this. (46.80 KB, text/plain)
2005-02-22 13:19 UTC, Peter Vrabec
no flags Details

Description Michal Jaegermann 2005-02-21 20:06:14 UTC
Description of problem:

After an updgrade to FC3 logrotate fails to switch to new logs
with only not that informative messages from cron like:

error: error running shared postrotate script for /var/log/cups/*_log

Debugging information is not much more revealing either and
only strace eventually shows that logrotate writes to a file with
permissions 0700 in /tmp and tries to run that directly instead
of doing "sh /tmp/<whatever>".  With /tmp which happens to be mounted
"noexec" this clearly fails.

Moreover logrotate.conf does not provide any options to switch
temporary directory somewhere else. Luckily TMPDIR seems to work
but AFAICS this is not mentioned in a documentation either.

Older versions of logrotate did not suffer from this affliction
so this came as a nasty surprise.

Version-Release number of selected component (if applicable):
logrotate-3.7.1-2

Comment 1 Peter Vrabec 2005-02-22 13:19:57 UTC
Created attachment 111293 [details]
Check this.

I hope it will work fine. Logrotate does not use tmpfile in /tmp to run script.

Comment 2 Michal Jaegermann 2005-02-22 16:44:08 UTC
What I see in a code indeed it looks that it will work.  There is
one more nit, though.  Both the current and the previous code
(it was writing "#!/bin/sh\n\n" at the top of a temporary file)
presume that all logrorate scripts would have to comprise from
a valid sh code (well, bash in practical terms).  I do not see
that explicitely documented anywhere.

A trivial "one liner" shell wrapper really allows to use there
anything which will execute but one should not dig through sorces
to reach that conclusion.


Comment 3 Kristina Clair 2005-04-13 16:07:41 UTC
"Luckily TMPDIR seems to work
but AFAICS this is not mentioned in a documentation either."

How exactly would I use TMPDIR to get around this problem?  I tried defining it
in the shell script that runs logrotate, but that didn't help.


Comment 4 Michal Jaegermann 2005-04-13 17:12:34 UTC
export TMPDIR=/var/tmp

as the second line in /etc/cron.daily/logrotate should do assuming that
a version of /usr/sbin/logrotate pays attention to that variable.  Worksforme.

Comment 5 Michal Jaegermann 2005-10-16 16:28:36 UTC
3.7.1-5.RHEL4, with last changelog entries from 2005-07-13, is broken in
the same way as 3.7.1-2


Note You need to log in before you can comment on or make changes to this bug.